492a8edc4386bc2194553a437c001e078bf64a90487b1896cfaccb9abfa22c01 | Triage

Submit
Reports

Overview

overview

Static

static

8

Documents389.xlsm

windows7_x64

Documents389.xlsm

windows10_x64

Sharing

General

Target

Documents389.xlsm
Size

57KB
Sample

210315-2wwpmllyd6
MD5

a3df654767610cdd5ef6d8420c773ede
SHA1

99c2321e718c6bec68fd11da84f9d7bfa7f4b4bc
SHA256

492a8edc4386bc2194553a437c001e078bf64a90487b1896cfaccb9abfa22c01
SHA512

d4df2d9d3743142d7960630a21e705b1acb50c152ab7af6f8fb445504aac8d43bf527023e5a76df95c995d8ee4794a54e27e8e5814e5245a846ab97ddeb29417

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Documents389.xlsm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Documents389.xlsm

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://xgka03stox03cloeqz.com/index.gif

Targets

- Target
  
  Documents389.xlsm
- Size
  
  57KB
- MD5
  
  a3df654767610cdd5ef6d8420c773ede
- SHA1
  
  99c2321e718c6bec68fd11da84f9d7bfa7f4b4bc
- SHA256
  
  492a8edc4386bc2194553a437c001e078bf64a90487b1896cfaccb9abfa22c01
- SHA512
  
  d4df2d9d3743142d7960630a21e705b1acb50c152ab7af6f8fb445504aac8d43bf527023e5a76df95c995d8ee4794a54e27e8e5814e5245a846ab97ddeb29417
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy